The invention relates to the control of access to system resources in a computer system.
A problem that the present invention addresses is the control of access to resources in a computer system in the event of an error related to the resource to be accessed. The resource can be, for example, a memory location or a block of memory, a memory device, a peripheral device, etc. The error can be the result of a failure of the resource itself, a failure along the communication path from the processor to the resource, or faulty programming of an application program or of an operating system.
U.S. Pat. No. 5,627,965 describes a fault tolerant computer system including a central processor sub-system and a plurality of other subsystems, the subsystems being connected via a main data transfer bus. The central processor subsystem comprises three central processor modules. Each central processor module (or CPUset) includes a central processing unit (CPU) connected to a private bus, a first bus interface connecting the private bus to a shared bus, and a second bus interface connecting the shared bus to the main bus. The CPUsets are connected over respective private buses to a shared bus. Connected to the shared bus is a slot response memory. The slot response memory includes locations corresponding to respective slots for subsystems on the main bus. According to column 15 of U.S. Pat. No. 5,627,965, where a subsystem in a slot is functioning correctly, a location in the slot response memory corresponding to that slot will contain ‘0’ data and the slot response register will not interfere with data transfers on the main bus. Where the subsystem in a slot becomes defective or absent from the system, then the location in the slot response memory corresponding to that slot is set to ‘1’ and all subsequent attempts to access the defective or absent subsystem will result in artificial termination of the data transfer attempt.
PCT application PCT/US99/12605 is directed to a bridge for a fault tolerant computer system, which bridge connects I/O buses of first and second processing sets to a common I/O device bus. A resource control mechanism in the bridge provides an interface for exchanging signals with one or more resource slots of the device bus, each of the resource slots being capable of communicating with a system resource. The resource control mechanism in the bridge also includes a register associated with each system resource, the register having switchable indicia that indicate an operating state of the associated system resource. The control mechanism is operable in use to direct signals to and/or from respective system resources of the computer system.
The prior arrangements for resource access control as described above have required the provision of a specific arrangement to achieve this, and particularly in the context of a fault tolerant computing system. As a result, such resource access control arrangements are not generally applicable to more conventional computer systems.
An aim of the present invention is to provide an improved approach to resource access control that is applicable to many types of computer systems.
Particular and preferred aspects of the invention are set out in the accompanying independent and dependent claims. Combinations of features from the dependent claims may be combined with features of the independent claims as appropriate and not merely as explicitly set out in the claims.
In one aspect, the invention provides a resource access controller for a computer system including at least one central processing unit. The resource access controller controls access to resources addressed by at least one said central processing unit. The resource access controller includes an address translation mechanism operable to provide a translation of received addresses and to provide a fake response identification as to whether or not a response for a received address associated therewith is to be faked. It further includes a fake response generator operable to generate a faked response where a fake response identification indicates that a response is to be faked.
In accordance with an embodiment of the invention, therefore, a resource access controller is able to associate fake response indications with a resource and to generate a fake response when an attempt is made to access a resource labeled such that a faked response should be returned. An embodiment of the invention is able to halt an attempt to access a faulty resource and to fake a response to such an access attempt in a rapid manner as part of an address translation mechanism.
In one embodiment, the address translation mechanism can be arranged to have a plurality of address translation entries for translating received addresses. Each address translation entry is associated with one or more addresses and provides a fake response identification as to whether or not a response for a received address associated therewith is to be faked. The fake response generator can then be operable to generate a faked response where a fake response identification of an address translation entry for a received address indicates that a response is to be faked.
The resource access controller can form part of a bridge that interconnects a first bus connected to a processor of the computer system, which processor includes at least one said central processing unit, and at least a second bus. However, the resource access controller can be provided at other points in a computer system where an address translation is performed, for example in a memory management unit.
The labeling as to whether or not a faked response is to be generated can then be achieved by means of an address translation mechanism. Each translation entry can be configured to provide an indication as to whether a faked response should be returned or not when use is made of the translation entry.
The address translation mechanism can be configured using an associative memory containing the plurality of translation entries. The address translation mechanism can, moreover, be configured using a translation look-aside buffer.
Each translation entry can include a plurality of translation status indicators.
A first buffer can be provided for translation entries for translations not to be faked and a second buffer can be provided for translation entries for translations to be faked. The indication of whether a faked response is to be generated or not can be derived from the buffer in which the translation entry is located.
Alternatively, a buffer can be provided for translation entries for both translations not to be faked and translations to be faked, each translation entry including a fake response status identifier indicating whether or not a response for the corresponding address translation is to be faked.
In an alternative embodiment, the address translation mechanism can be operable to provide a translation of received addresses by decoding a first subset of bits of a received address and, on identifying a predetermined combination of those bits, to pass a further subset of bits of the received address if a fake response identification indicates that a response for a received address is not to be faked.
In operation of an embodiment of the invention, an access can be halted where the fake response identification of the translation entry for an address translation for the access indicates that a response is to be faked. The fake response generator can then be operable to return a faked response to the processor. The fake response generator can also be operable to substitute a known good address for the received address for the access.
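The single-buffer arrangement and the halting of an access described above can be modeled in software as follows. This is an added illustration and not code from the patent; the entry layout, the 4 KiB granularity, the value returned as a faked response, the miss result and all identifiers are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12            /* assumed 4 KiB translation granularity */
#define FAKED_DATA 0xFFFFFFFFu   /* assumed content of a faked read response */

typedef struct {
    uint32_t in_page;   /* page number of the received address */
    uint32_t out_page;  /* page number after translation */
    int fake;           /* fake response identification for this entry */
} xlate_entry;

typedef enum { ACCESS_FORWARDED, ACCESS_FAKED, ACCESS_MISS } access_result;

/* Constructed sample entries: two resources, both initially healthy. */
static xlate_entry table[] = { { 0x10, 0x80, 0 }, { 0x20, 0x90, 0 } };
unsigned device_reads;           /* counts accesses that reach a resource */

static uint32_t device_read(uint32_t addr) { device_reads++; return addr ^ 0xA5A5A5A5u; }

static xlate_entry *lookup(uint32_t addr) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].in_page == addr >> PAGE_SHIFT) return &table[i];
    return NULL;
}

/* Label the entry covering addr so that later accesses are faked. */
int mark_faulty(uint32_t addr) {
    xlate_entry *e = lookup(addr);
    if (!e) return -1;
    e->fake = 1;
    return 0;
}

access_result controlled_read(uint32_t addr, uint32_t *data) {
    xlate_entry *e = lookup(addr);
    if (!e) return ACCESS_MISS;            /* miss handling is not covered by the passage */
    if (e->fake) {                         /* halt: the resource is never addressed */
        *data = FAKED_DATA;
        return ACCESS_FAKED;
    }
    uint32_t offset = addr & ((1u << PAGE_SHIFT) - 1);
    *data = device_read((e->out_page << PAGE_SHIFT) | offset);
    return ACCESS_FORWARDED;
}

int main(void) {
    uint32_t d;
    mark_faulty(0x20000);
    printf("%d %d\n", controlled_read(0x10004, &d), controlled_read(0x20008, &d));
    return 0;
}
```

The device_reads counter shows the property of interest: once an entry is labeled, accesses through it return immediately and the faulty resource is not touched.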
As an embodiment of the invention is implemented using an address translation mechanism, and an address translation mechanism will typically form part of many computing systems, the invention finds wide applicability. Thus, an embodiment of the invention can find applicability to computing systems including one or more processors and to computing systems designed specifically to be fault tolerant and to computing systems for more general use.
In another aspect, the invention provides a computer system including a resource access controller as set out above, at least one processor that includes at least one central processing unit, memory and at least one peripheral device, the resource access controller controlling access by at least one central processing unit of at least one processor to the memory and the peripheral device.
In a further aspect, the invention provides a method of managing processor access to resources in a computer system. The method includes steps of: holding in an address translation mechanism, a plurality of address translation entries for translating received addresses, each address translation entry being associated with one or more addresses and providing a fake response identification as to whether or not a response for a received address associated therewith is to be faked; and selectively generating a faked response where a fake response identification of an address translation entry for a received address indicates that a response is to be faked.